发布时间: 2024年8月9日
修改时间: 2024年8月19日
In the Linux kernel, the following vulnerability has been resolved:USB: core: Fix access violation during port device removalTesting with KASAN and syzkaller revealed a bug in port.c:disable_store():usb_hub_to_struct_hub() can return NULL if the hub that the port belongs tois concurrently removed, but the function does not check for thispossibility before dereferencing the returned value.It turns out that the first dereference is unnecessary, since hub->intfdevis the parent of the port device, so it can be changed easily. Adding acheck for hub == NULL prevents further problems.The same bug exists in the disable_show() routine, and it can be fixed thesame way.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 9.1 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | High | |
| User Interaction | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3254 | In the Linux kernel, the following vulnerability has been resolved:USB: core: Fix access violation during port device removalTesting with KASAN and syzkaller revealed a bug in port.c:disable_store():usb_hub_to_struct_hub() can return NULL if the hub that the port belongs tois concurrently removed, but the function does not check for thispossibility before dereferencing the returned value.It turns out that the first dereference is unnecessary, since hub->intfdevis the parent of the port device, so it can be changed easily. Adding acheck for hub == NULL prevents further problems.The same bug exists in the disable_show() routine, and it can be fixed thesame way. | 2024年8月1日 |
| 产品 | 包 | 状态 |
|---|---|---|
| V6 | kernel | Fixed |
